UK Agency Has "No Reason to Doubt" Apple's Side of Bloomberg Hacking Story

Apple's press release strongly denies any such hack.

The British government’s cybersecurity agency stated on Friday that it has “no reason to doubt” Apple’s denial of a bombshell Bloomberg report. The publication claimed this week that around 30 American technology firms were subject to a hack by China in 2015, using a tiny hardware chip inside motherboards. Apple vehemently denied the allegations in a far-reaching press release, as did other firms.

“We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS [Amazon Web Services] and Apple,” the National Cyber Security Center tells Inverse. The center is a part of the Government Communications Headquarters, also known as GCHQ, a body that has been described as the British equivalent of the National Security Agency, or NSA. “The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us.”

[Bloomberg Businessweek(https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies) claimed in a cover story on Thursday that Chinese authorities planted tiny chips on the motherboards of Super Micro Computer servers, citing 17 anonymous sources. The story claims that back in 2013, Apple acquired a startup called Topsy Labs with the view of improving Siri search speed, and the company purchased thousands of Super Micro servers to power this new technology. It claims Apple was using 7,000 such servers when it discovered the flaw.

“We can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement,” the company stated in its denial, going on to say: “We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”